BUSINESS IMPACT ANALYSIS

LAYANAN EMAIL
_______________________________________________________________________

PT PEMBANGKITAN JAWA-BALI
Version 1.0
07 Maret 2015
Business Impact Analysis (Criticality Assessment)

Overview of the Process

Business Impact Analysis (BIA) dokumentasi adalah langkah pertama dalam proses kelangsungan
bisnis. Tujuannya adalah untuk menganalisa setiap proses bisnis dan menentukan efek bencana
yang mungkin terjadi. Hasil analisis ini akan menentukan tingkat proses bisnis 'kekritisan dan jenis
rencana yang akan diperlukan untuk kesinambungan bisnis perusahaan. Hal ini akan membantu
dalam mengembangkan strategi pemulihan yang tepat. Setelah penyelesaian BIA untuk semua
proses bisnis dan fungsi pendukung (misalnya, TI aplikasi dan infrastruktur), strategi kelangsungan
bisnis yang lengkap dapat dirumuskan dengan proses dukungan yang mencakup penting antar-
dependensi antara proses bisnis dan proses yang terkait lainnya.

End User/Management Updates

Proses BIA digunakan untuk mengevaluasi proses bisnis baru dan yang sudah ada.

BIA= Business Impact Analysis

BCP= Business Continuity Plan
RTO=Recovery Time Objective
RPO= Recovery Point Objective
Business Impact Analysis Guidelines
1.      The BIA document includes the following:
·        Business Process Description
·        Non-quantitative Loss Assessment
·        Quantitative or Financial Loss Assessment

Business Process Description

All business processes must be summarized and a recovery timeframe determined. The
recovery timeframe (in hours or days) should be determined by considering the maximum
acceptable outage beyond which the non-performance of the business process becomes
critical and unacceptable to your business.

This section will identify dependencies (other business processes or departments,

applications, et cetera). It also is critical to identify all other business processes (including
external service providers) or functions that are vital to or reliant on business process
performance.

For retail or service businesses you may want to consider individual departments or product/service
lines as a process and evaluate the need to continue to offer the products in this department of the
product/services listed. Not all your products and services will have the same profit margin or the
same customers and some will have more competition from other retailers or service providers.

Non-quantitative Loss Assessment

·        This section evaluates the non-financial loss that would be experienced if your
business process cannot perform its function. This includes items such as adverse and
negative publicity, loss of physical assets, inability to address customer needs, et cetera.
·        For the purposes of this assessment, the loss in both sections 2 and 3 is requested for
three time periods – one day, one week and greater than one week. These time periods are used
during the assessment phase to provide an overall understanding of the loss that would be
experienced should a business process be unable to function. The timeframe in which the
business process would be recovered in the event of a disaster will be determined by
reviewing a combination of the established maximum allowable outage, loss assessment,
associated costs, et cetera.

Quantitative or Financial Loss Assessment

·        This section evaluates any financial loss experienced if the business process is
unavailable for a period of time – one day, one week and greater than one week.

On completion of the BIA document , the business process criticality will be determined to
be a high, medium or low risk.
·        If the business process is rated one day or one week critical, an in-depth Business
Continuity plan is required. The BCP template should be filled out.
·        If the business process is rated greater than one week critical, development of business continuity
procedures by completing the BCP plan template but less attention to step 4 detailed testing
of its procedures would be required.
oduct/service
tment of the
argin or the
roviders.

ds are used

siness continuity
Disiapkan oleh:

Tanggal 07 Maret 2015

Nama Harnanto Wahju Nugroho

Jabatan Manajer Perencanaan & Kebijakan TI

Telepon 62811342243

Direview oleh:

Tanggal 07 Maret 2015

Nama Dodi Apriananta

Jabatan Kepala BTI

Telepon 62818586200
Section 2: Non-quantitative Loss Assessment

Definitions

Exhibit 1
HIGH [Kerugian yang cukup besar] akan secara signifikan mengganggu layanan
kepada pelanggan, menghasilkan reputasi yang negatif, menyebabkan kegagalan
hukum atau peraturan, hilangnya aset fisik, kehilangan kontrol atas catatan
penting.
MED [Kerugian Sedang] Bisa mempengaruhi beberapa layanan, menghasilkan
publikasi negatif, menunda pelaporan peraturan, menyebabkan kerugian
sementara atau kontrol atas aset fisik dan catatan penting.

LOW [Kerugian Kecil] Bisa membuat ketidaknyamanan beberapa layanan,

keterlambatan penyelesaian transaksi, atau terganggunya proses bisnis.

Exhibit 2
Risk Type Definition
Risiko Reputasi risiko akibat menurunnya tingkat kepercayaan pemangku
kepentingan (stakeholder) yang bersumber dari persepsi
negatif terhadap Perusahaan
Risiko Hukum risiko akibat tuntutan hukum dan/atau kelemahan aspek
yuridis.
Risiko Kepatuhan risiko akibat Perusahaan tidak mematuhi dan/atau tidak
melaksanakan peraturan perundang-undangan dan
ketentuan yang berlaku.
Risiko Operasional risiko akibat ketidakcukupan dan/atau tidak berfungsinya
proses internal, kesalahan manusia, kegagalan sistem,
dan/atau adanya kejadian-kejadian eksternal yang
mempengaruhi operasional Perusahaan.
Risiko Strategis risiko akibat ketidaktepatan dalam pengambilan dan/atau
pelaksanaan suatu keputusan stratejik serta kegagalan
dalam mengantisipasi perubahan lingkungan bisnis.
Section 1: Business Process Overview
Nama Layanan:
Deskripsi:
Tanggung Jawab Unit:
Business Unit Officer Name:
Keterkaitan Dengan Unit:
Pihak Yang Mensupport:
Batas Waktu Menjadi Kritis:
Recovery Point Object (RPO)
Recovery Time Object (RTO)
Solusi Manual Yang Dapat Terjadi Ketika
Layanan Tidak Tersedia Untuk Digunakan
Electronic Mail
Fasilitas yang disediakan oleh TI untuk
pengiriman surat elektronik melalui intranet &
internet.
Sub Direktorat Bidang Teknologi Informasi
Manajer Operasi dan Layanan TI
Semua Unit
BTI
4 Jam
0 (server hanya sebagai penyimpan
sementara)
1 Hari
- Komunikasi melalui telepon atau fax
- Beralih menggunakan server di DRC
 NON-QUANTITATIVE LOSS ASSESSMENT CHART
Risk Category Description
Risiko akibat ketidakcukupan dan/atau tidak berfungsinya
proses internal, kesalahan manusia, kegagalan sistem,
Risiko Operasional dan/atau adanya kejadian-kejadian eksternal yang
mempengaruhi

Risiko akibat menurunnya tingkat kepercayaan pemangku

kepentingan (stakeholder) yang bersumber dari persepsi
Risiko Reputasi negatif terhadap Perusahaan
Instructions
Using the definitions and risk categories in Exhibits 1 and 2, identify a loss that prohibits your
business process from performing its normal function for one day, one week and greater than one week.
NON-QUANTITATIVE LOSS ASSESSMENT CHART
If Loss is YES:
Notes Time Status
H, M, L
Layanan email hanya ditoleransi boleh down tidak 1 Day Y M
kurang dari 1 (satu) hari. Jika lewat dari hari yang
ditentukan maka secara otomatis sistem yang ada di 1 Week N H
DRC harus segera "Live" dikarenakan dapat
mengganggu proses operasional Greater than 1 week N H
Layanan email apabila tidak dapat digunakan lebih 1 Day Y L
dari 1 (satu) hari tidak begitu mempengaruhi risiko
operasional dikarenakan bersifat "Low" 1 Week N M

Greater than 1 week N M

1 Day

1 Week

Greater than 1 week

1 Day
1 Week
Greater than 1 week

1 Day

1 Week

Greater than 1 week

1 Day

1 Week

Greater than 1 week

1 Day

1 Week

Greater than 1 week

1 Day

1 Week

Greater than 1 week

1 Day

1 Week

Greater than 1 week

1 Day

1 Week
 Greater than 1 week

1 Day

1 Week

Greater than 1 week

s 1 and 2, identify a loss that prohibits your

on for one day, one week and greater than one week.
 1 DAY SUMMARY 1 WEEK SUMMARY GREATER THAN 1 WEEK SUMMARY

High (H) 0 1 1

Medium (M) 1 1 1

Low (L) 1 0 0

Review the responses to the questions under the Non-Quantitative Loss Assessment Chart.

Based on the loss ratings (High, Medium or Low) and your knowledge of the business process and its

relationships, select one overall loss rating for all non-quantifiable factors taken together. A loss rating

selected should be for each duration (i.e., one day, one week and greater than one week).

NON-QUANTITATIVE LOSS PRIORITY RATING

1 DAY SUMMARY 1 WEEK SUMMARY GREATER THAN 1 WEEK SUMMARY

Rating B A A

Description Medium Loss/Risk High Loss/Risk High Loss/Risk

NON-QUANTITATIVE LOSS PRIORITY RATING ~ Guidelines

One "high" on the previous page may justify an overall "A" loss rating.

Two "high" responses on the previous page may require an overall "A" loss rating.

Five or less “low” responses and only one “high” response on the previous page may

require an overall “B” rating.

Five or more “low” responses and no “high” responses on the previous page may

require an overall “C” rating.

An overall loss rating of "D" would be appropriate only where all responses are "No."

NOTES:
 Y
N

2L

2
Section 3: Quantative Loss
Please indicate your financial loss for one day, one week, and greater than one week in the columns below.

Financial Loss
Source of Financial Loss 1 Hari 1 Minggu
1. Loss of income due to unavailability of
business process: (describe)

Rp - Rp -

2. Other (describe)

- Cost of Performance Guarantees

TOTAL FINANCIAL LOSS: $ - $ -

LOSS ASSESSMENT (1 TO 4)

Financial Loss Parameter

Financial Loss Assessment
Ranking 1 Hari
From To
1 Rp 5,000,000,001 above
2 Rp 250,000,001 Rp 50,000,000
3 Rp 10,000,001 Rp 25,000,000
4 Rp - Rp 10,000,000
 e week in the columns below.

ncial Loss
Keterangan
> 1 Minggu
Tidak ada kerugian
secara finansial
apabila layanan email
Rp - down, akan tetapi
terdapat risiko
operasional.

$ -

Financial Loss Parameter

1 Minggu > 1 Minggu

From To From
Rp 100,000,000,001 above Rp 400,000,001
Rp 100,000,001 Rp 200,000,000 Rp 300,000,001
Rp 50,000,001 Rp 100,000,000 Rp 200,000,001
Rp - Rp 50,000,000 Rp -
> 1 Minggu
To
above
Rp 400,000,000
Rp 300,000,000
Rp 200,000,000
Section 4: Overall Risk Loss Assessment
Evaluation Assessment
If the Loss Assessment is rated A1 through B4 for one day or one week, the development
of a detailed Business Continuity Plan is required. Ratings of C1 through C4 may require
a detailed plan, depending on business area needs.

The Non-quantitative Loss Assessment as identified in Section 2 of the BIA.

Overall Non-Quantitative
Assessment (A, B, C, D)
One Day One Week Greater than One Week
#REF! #REF! #REF!
Financial Loss Assessment as identified in Section 3 of the BIA.

Overall Financial Assessment

(1, 2, 3, 4)
One Day One Week Greater than One Week

Overall Rating
One Day One Week Greater than One Week
#REF! #REF! #REF!
Section 4: Resources Requirements

Waktu
1 Hari 1 Minggu > 1 Minggu
Minimum staffing levels:
Managers 2 Tidak ditoleransiTidak ditoleransi
Officers 5 Tidak ditoleransiTidak ditoleransi
Office equipment:
pjbsbmdrp.ptpjb.com 1 Tidak ditoleransiTidak ditoleransi
SAN 1 Tidak ditoleransiTidak ditoleransi
Hub/Switch Network 1 Tidak ditoleransiTidak ditoleransi
Router 1 Tidak ditoleransiTidak ditoleransi
Internet 1 Tidak ditoleransiTidak ditoleransi

Others:
 Waktu
Name of system / application 1 Hari 1 Minggu > 1 Minggu
Software Lotus 1 Tidak ditoleranTidak ditoleransi
OS …. 1 Tidak ditoleranTidak ditoleransi
 Section 5: Documents Requirements
Vital records / reports / forms / documentation requirements (on server)

No Name of vital record / report / form / documentation

1 Database account email
2 Database inbox account email
3
4
5

Vital records / reports / forms / documentation requirements (paper-based)

No Name of vital record / report / form / documentation

1 Dokumentasi Configuration Work Book Lotus Domino
2
3
4
5
Location (server / drive name)
Data Center
Data Center

Location
Kantor Pusat